package org.springframework.security.config.annotation.web.configurers.saml2;

import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.Filter;
import org.opensaml.core.Version;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.context.ApplicationContext;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationRequestFactory;
import org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider;
import org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationRequestFactory;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestFactory;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;
import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter;
import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
import org.springframework.security.saml2.provider.service.web.DefaultSaml2AuthenticationRequestContextResolver;
import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestContextResolver;
import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurer.class */
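/**
 * Configures SAML 2.0 relying-party login on an {@link HttpSecurityBuilder}.
 *
 * <p>Two filters are wired up:
 * <ul>
 * <li>a {@link Saml2WebSsoAuthenticationRequestFilter} that builds the authentication request
 * sent to the asserting party (default URL {@code /saml2/authenticate/{registrationId}}), and</li>
 * <li>a {@link Saml2WebSsoAuthenticationFilter} that consumes the SAML response
 * (default URL {@code /login/saml2/sso/{registrationId}}).</li>
 * </ul>
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 * <li>The login processing URL is excluded from CSRF protection when a {@link CsrfConfigurer} is
 * present (see {@link #registerDefaultCsrfOverride}). Requests to that endpoint are therefore
 * protected only by whatever validation the configured authentication manager or provider
 * performs on the SAML response.</li>
 * <li>Supplying a custom {@link AuthenticationManager} suppresses registration of the default
 * OpenSAML authentication provider (see {@link #configure}); the custom manager then owns
 * response validation entirely.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. Casts of the builder to the configurer type
 * in the {@code super.init}/{@code super.configure} calls and raw-typed lambdas were decompiler
 * artifacts that do not type-check; they are written here in their source-level form. Members
 * the decompiler marked as "access modifiers changed from: private" keep the visibility shown
 * in the listing.
 */
public final class Saml2LoginConfigurer<B extends HttpSecurityBuilder<B>> extends AbstractAuthenticationFilterConfigurer<B, Saml2LoginConfigurer<B>, Saml2WebSsoAuthenticationFilter> {
    // Custom login page; when unset, init() falls back to a generated page or a direct redirect.
    private String loginPage;
    // URL pattern on which the SAML response is processed; also the pattern exempted from CSRF.
    private String loginProcessingUrl = "/login/saml2/sso/{registrationId}";
    private Saml2LoginConfigurer<B>.AuthenticationRequestEndpointConfig authenticationRequestEndpoint = new AuthenticationRequestEndpointConfig();
    private RelyingPartyRegistrationRepository relyingPartyRegistrationRepository;
    private AuthenticationConverter authenticationConverter;
    private AuthenticationManager authenticationManager;
    private Saml2WebSsoAuthenticationFilter saml2WebSsoAuthenticationFilter;

    /**
     * Builds the filter that initiates authentication requests towards the asserting party.
     * The decompiler reports this type as originally {@code private}.
     */
    public final class AuthenticationRequestEndpointConfig {
        private String filterProcessingUrl;

        private AuthenticationRequestEndpointConfig() {
            this.filterProcessingUrl = "/saml2/authenticate/{registrationId}";
        }

        /**
         * Creates the post-processed authentication request filter.
         *
         * @param b the security builder used to look up shared objects and beans
         * @return the filter that issues SAML authentication requests
         */
        public Filter build(B b) {
            // Resolve the request factory first, then the context resolver, as the original does.
            Saml2AuthenticationRequestFactory requestFactory = getResolver(b);
            Saml2AuthenticationRequestContextResolver contextResolver = getContextResolver(b);
            return Saml2LoginConfigurer.this.postProcess(new Saml2WebSsoAuthenticationRequestFilter(contextResolver, requestFactory));
        }

        /**
         * Returns the shared or bean-provided request factory, or a default chosen by the
         * OpenSAML version: the OpenSAML 4 factory when the version string starts with "4",
         * otherwise {@link OpenSamlAuthenticationRequestFactory}.
         */
        private Saml2AuthenticationRequestFactory getResolver(B b) {
            Saml2AuthenticationRequestFactory configured = Saml2LoginConfigurer.this.getSharedOrBean(b, Saml2AuthenticationRequestFactory.class);
            if (configured != null) {
                return configured;
            }
            if (Saml2LoginConfigurer.this.version().startsWith("4")) {
                return new OpenSaml4AuthenticationRequestFactory();
            }
            return new OpenSamlAuthenticationRequestFactory();
        }

        /**
         * Returns the context resolver bean if one is defined, otherwise a default resolver
         * backed by the configured relying party registration repository.
         */
        private Saml2AuthenticationRequestContextResolver getContextResolver(B b) {
            Saml2AuthenticationRequestContextResolver configured = Saml2LoginConfigurer.this.getBeanOrNull(b, Saml2AuthenticationRequestContextResolver.class);
            if (configured != null) {
                return configured;
            }
            return new DefaultSaml2AuthenticationRequestContextResolver(new DefaultRelyingPartyRegistrationResolver(Saml2LoginConfigurer.this.relyingPartyRegistrationRepository));
        }
    }

    /**
     * Replaces the default {@link Saml2AuthenticationTokenConverter} used to turn the incoming
     * request into an authentication token.
     *
     * @param authenticationConverter the converter to use; must not be null
     * @return this configurer
     */
    public Saml2LoginConfigurer<B> authenticationConverter(AuthenticationConverter authenticationConverter) {
        Assert.notNull(authenticationConverter, "authenticationConverter cannot be null");
        this.authenticationConverter = authenticationConverter;
        return this;
    }

    /**
     * Sets the {@link AuthenticationManager} used by the SAML response filter. When set, the
     * default OpenSAML authentication provider is not registered in {@link #configure}, so
     * this manager is solely responsible for validating SAML responses.
     *
     * @param authenticationManager the manager to use; must not be null
     * @return this configurer
     */
    public Saml2LoginConfigurer<B> authenticationManager(AuthenticationManager authenticationManager) {
        Assert.notNull(authenticationManager, "authenticationManager cannot be null");
        this.authenticationManager = authenticationManager;
        return this;
    }

    /**
     * Sets the repository of relying party registrations. No null check is applied here: a
     * null value makes {@link #init} fall back to a shared object or bean lookup.
     *
     * @param relyingPartyRegistrationRepository the repository to use
     * @return this configurer (typed like the sibling setters so call chains keep {@code B})
     */
    public Saml2LoginConfigurer<B> relyingPartyRegistrationRepository(RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
        this.relyingPartyRegistrationRepository = relyingPartyRegistrationRepository;
        return this;
    }

    /**
     * Sets a custom login page, which disables the generated page and the single-provider
     * redirect in {@link #init}.
     *
     * @param str the login page URL; must contain text
     * @return this configurer
     */
    @Override // org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
    public Saml2LoginConfigurer<B> loginPage(String str) {
        Assert.hasText(str, "loginPage cannot be empty");
        this.loginPage = str;
        return this;
    }

    /**
     * Sets the URL pattern on which SAML responses are processed. The same pattern is exempted
     * from CSRF protection in {@link #init}, so keep it as narrow as the deployment allows.
     *
     * @param str the URL pattern; must contain text and the {@code {registrationId}} variable
     * @return this configurer
     * @throws IllegalArgumentException if {@code str} has no text
     * @throws IllegalStateException if {@code str} lacks {@code {registrationId}}
     */
    @Override // org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
    public Saml2LoginConfigurer<B> loginProcessingUrl(String str) {
        Assert.hasText(str, "loginProcessingUrl cannot be empty");
        Assert.state(str.contains("{registrationId}"), "{registrationId} path variable is required");
        this.loginProcessingUrl = str;
        return this;
    }

    /** Matches the login processing URL as an Ant-style path pattern. */
    @Override // org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer
    protected RequestMatcher createLoginProcessingUrlMatcher(String str) {
        return new AntPathRequestMatcher(str);
    }

    /**
     * Initialises the SAML response filter, the CSRF exemption and the entry point.
     *
     * <p>Without a custom login page, exactly one iterable registration makes the entry point
     * redirect straight to that registration's authentication request URL; any other count
     * defers to the superclass defaults.
     *
     * @param b the security builder being configured
     * @throws Exception if the superclass initialisation fails
     */
    @Override // org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer, org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void init(B b) throws Exception {
        // Must run with the final loginProcessingUrl: the exempted pattern is read from the field.
        registerDefaultCsrfOverride(b);
        if (this.relyingPartyRegistrationRepository == null) {
            this.relyingPartyRegistrationRepository = getSharedOrBean(b, RelyingPartyRegistrationRepository.class);
        }
        this.saml2WebSsoAuthenticationFilter = new Saml2WebSsoAuthenticationFilter(getAuthenticationConverter(b), this.loginProcessingUrl);
        setAuthenticationFilter(this.saml2WebSsoAuthenticationFilter);
        super.loginProcessingUrl(this.loginProcessingUrl);
        if (StringUtils.hasText(this.loginPage)) {
            super.loginPage(this.loginPage);
            // The decompiler rendered this argument with a cast to the configurer type; the
            // superclass method takes the builder itself.
            super.init(b);
        } else {
            Map<String, String> identityProviderUrlMap = getIdentityProviderUrlMap(this.authenticationRequestEndpoint.filterProcessingUrl, this.relyingPartyRegistrationRepository);
            if (identityProviderUrlMap.size() == 1) {
                updateAuthenticationDefaults();
                updateAccessDefaults(b);
                // Single provider: skip the selection page and send users to its request URL.
                String onlyProviderUrl = identityProviderUrlMap.keySet().iterator().next();
                registerAuthenticationEntryPoint(b, new LoginUrlAuthenticationEntryPoint(onlyProviderUrl));
            } else {
                super.init(b);
            }
        }
        initDefaultLoginFilter(b);
    }

    /**
     * Adds the authentication request filter and selects how SAML responses are authenticated:
     * the default OpenSAML provider when no manager was supplied, otherwise the supplied
     * manager set directly on the response filter.
     *
     * @param b the security builder being configured
     * @throws Exception if the superclass configuration fails
     */
    @Override // org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer, org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(B b) throws Exception {
        b.addFilter(this.authenticationRequestEndpoint.build(b));
        super.configure(b);
        if (this.authenticationManager == null) {
            registerDefaultAuthenticationProvider(b);
        } else {
            this.saml2WebSsoAuthenticationFilter.setAuthenticationManager(this.authenticationManager);
        }
    }

    /** Returns the configured converter, or the default token converter when none was set. */
    private AuthenticationConverter getAuthenticationConverter(B b) {
        if (this.authenticationConverter != null) {
            return this.authenticationConverter;
        }
        return new Saml2AuthenticationTokenConverter(new DefaultRelyingPartyRegistrationResolver(this.relyingPartyRegistrationRepository));
    }

    /**
     * Returns the OpenSAML version, taken from {@link Version#getVersion()} or, when that is
     * null, from the module descriptor of the OpenSAML {@code Version} class.
     *
     * @return the version string
     * @throws IllegalStateException if neither source yields a version
     */
    public String version() {
        String version = Version.getVersion();
        if (version != null) {
            return version;
        }
        // An unnamed module has no descriptor; report that as the same "cannot determine"
        // failure instead of a NullPointerException.
        java.lang.module.ModuleDescriptor descriptor = Version.class.getModule().getDescriptor();
        if (descriptor == null) {
            throw new IllegalStateException("cannot determine OpenSAML version");
        }
        return descriptor.version().map(Object::toString).orElseThrow(() -> new IllegalStateException("cannot determine OpenSAML version"));
    }

    /**
     * Registers the OpenSAML authentication provider matching the detected version. Any
     * version string that does not start with "4" selects {@link OpenSamlAuthenticationProvider}.
     */
    private void registerDefaultAuthenticationProvider(B b) {
        if (version().startsWith("4")) {
            b.authenticationProvider(postProcess(new OpenSaml4AuthenticationProvider()));
        } else {
            b.authenticationProvider(postProcess(new OpenSamlAuthenticationProvider()));
        }
    }

    /**
     * Exempts the login processing URL from CSRF protection when a CSRF configurer exists.
     *
     * <p>Every path matching the pattern, for every {@code registrationId} value, is exempt.
     * NOTE(review): presumably needed because the asserting party posts the SAML response
     * cross-site without the application's CSRF token - confirm against the deployment's
     * binding. The endpoint then relies on SAML response validation alone.
     */
    private void registerDefaultCsrfOverride(B b) {
        CsrfConfigurer csrfConfigurer = (CsrfConfigurer) b.getConfigurer(CsrfConfigurer.class);
        if (csrfConfigurer == null) {
            return;
        }
        csrfConfigurer.ignoringRequestMatchers(new AntPathRequestMatcher(this.loginProcessingUrl));
    }

    /**
     * Enables the SAML section of the generated login page, unless no generating filter is
     * shared or a custom login page is configured.
     */
    private void initDefaultLoginFilter(B b) {
        DefaultLoginPageGeneratingFilter loginPageFilter = b.getSharedObject(DefaultLoginPageGeneratingFilter.class);
        if (loginPageFilter == null || isCustomLoginPage()) {
            return;
        }
        loginPageFilter.setSaml2LoginEnabled(true);
        loginPageFilter.setSaml2AuthenticationUrlToProviderName(getIdentityProviderUrlMap(this.authenticationRequestEndpoint.filterProcessingUrl, this.relyingPartyRegistrationRepository));
        loginPageFilter.setLoginPageUrl(getLoginPage());
        loginPageFilter.setFailureUrl(getFailureUrl());
    }

    /**
     * Maps each registration's authentication request URL to its registration id, in
     * repository iteration order. A repository that is not {@link Iterable} yields an empty map.
     *
     * <p>The registration id is substituted into the URL template verbatim, without URL
     * encoding. NOTE(review): ids are assumed to be path-safe configuration values - confirm
     * if registrations can come from a less trusted source.
     *
     * @param str the URL template containing {@code {registrationId}}
     * @param relyingPartyRegistrationRepository the repository to enumerate; may be null
     * @return a mutable, insertion-ordered map of URL to registration id
     */
    private Map<String, String> getIdentityProviderUrlMap(String str, RelyingPartyRegistrationRepository relyingPartyRegistrationRepository) {
        Map<String, String> urlToRegistrationId = new LinkedHashMap<>();
        if (relyingPartyRegistrationRepository instanceof Iterable) {
            // Typed view of the repository: the raw-typed lambda emitted by the decompiler
            // cannot resolve getRegistrationId().
            @SuppressWarnings("unchecked")
            Iterable<org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration> registrations =
                    (Iterable<org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration>) relyingPartyRegistrationRepository;
            registrations.forEach(registration -> {
                String registrationId = registration.getRegistrationId();
                urlToRegistrationId.put(str.replace("{registrationId}", registrationId), registrationId);
            });
        }
        return urlToRegistrationId;
    }

    /**
     * Returns the builder's shared object of the given type, falling back to a bean lookup.
     *
     * @return the shared object or bean, or null when neither exists
     */
    public <C> C getSharedOrBean(B b, Class<C> cls) {
        C shared = b.getSharedObject(cls);
        if (shared != null) {
            return shared;
        }
        return getBeanOrNull(b, cls);
    }

    /**
     * Looks up a bean of the given type in the shared {@link ApplicationContext}.
     *
     * @return the bean, or null when there is no application context or no such bean definition
     */
    public <C> C getBeanOrNull(B b, Class<C> cls) {
        ApplicationContext applicationContext = b.getSharedObject(ApplicationContext.class);
        if (applicationContext == null) {
            return null;
        }
        try {
            return applicationContext.getBean(cls);
        } catch (NoSuchBeanDefinitionException ignored) {
            // A missing bean is an expected outcome: callers substitute their own default.
            return null;
        }
    }

    /** Stores a shared object on the builder only when none of that type is present yet. */
    private <C> void setSharedObject(B b, Class<C> cls, C c) {
        if (b.getSharedObject(cls) == null) {
            b.setSharedObject(cls, c);
        }
    }
}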
